New technologies tackle spam problem

As the rising volume of junk e-mail, known as spam, continues to adversely affect worker productivity and consume valuable server and storage space, a new class of advanced filtering technologies is emerging to combat the problem.

New techniques go beyond scanning basic keywords or using hot lists that block e-mail messages from addresses used by spammers. Instead, they employ advanced detection filters and artificial intelligence software to give users more accurate information so they can determine whether a bulk e-mail message is legitimate.

Earlier this month, Trend Micro Inc. introduced a spam-prevention service that stops unwanted e-mail at an organization's Internet gateway. The service is based on "heuristic" technology and filtering rules developed by Postini Inc., which provides e-mail security services.

Heuristic technology calculates the probability that a message is spam based on the occurrence of a set of message characteristics. Such technology has a framework for solving a problem, rather than relying on a fixed set of rules that cannot vary.

Meanwhile, CipherTrust Inc. last month boosted the spam-fighting capabilities of its IronMail e-mail gateway appliance, giving it the ability to aggregate the results of multiple CipherTrust detection filters. This enables administrators to make more informed decisions about bulk e-mail messages.

SurfControl PLC, which enhanced its products' anti-spam capabilities last year, offers layered protection against e-mail risks with E-mail Filter 4.5. The software incorporates antivirus, anti-spam and e-mail auditing features.

Even vendors not known for e-mail security are joining the fray. VeriSign Inc., known more for securing e-commerce transactions, is working on an advanced anti-spam gateway with an unnamed partner. It is scheduled to debut within the next two months, according to Ben Golub, senior vice president of marketing and customer service in VeriSign's Security and Payments Division.

Organizations need a "smart system sitting out at the [Internet] gateway [that] can see certain patterns not available at the desktop," Golub said.

Those products and services are emerging as the spam problem reaches a crisis point for organizations, according to industry experts. In 2002, spam cost corporate organizations in the United States $8.9 billion, according to a Ferris Research report released earlier this year.

"Spam is growing out of control and has moved beyond being a nuisance to a critical stage," said Paris Trudeau, product manager at SurfControl. In many organizations, more than 25 percent of incoming e-mail messages are spam, she added. Analysts at Gartner Inc. predict that spam could account for more than 50 percent of corporate e-mail by 2004 if organizations don't find a way to control it.

Because spam can include computer viruses, disrupt network services and drain an electronic messaging system's storage resources, any effort to battle spam must be linked to efforts to secure e-mail systems in general, Trudeau said.

Most anti-spam products look for patterns such as toll-free telephone numbers or the word "free" in the subject line of e-mail messages. Then the tools take various actions against suspected mail, mainly putting them in quarantine folders, said James Kobielus, a senior analyst with the Burton Group.

But legitimate e-mail could contain words normally associated with junk mail. For instance, an advertisement agency that has drug manufacturer Pfizer Inc. as a client might need to allow e-mail with the word "Viagra" to flow to the proper recipients, noted VeriSign's Golub.

To help information technology managers and end users more effectively distinguish between legitimate mail and junk mail, vendors are incorporating more artificial intelligence into their products, he said.

"Everybody has heuristic technology," Kobielus said. "The big challenge is to provide software to detect nuances."

Trend Micro's Spam Prevention Service addresses this challenge by parsing and decoding e-mail header and content information in real time. Once a message is identified as spam, an IT administrator can take predefined actions, such as tagging, delivering or rerouting the message, said Kevin Murray, senior product manager at the company.

Trend Micro's anti-spam technology resides on a dedicated server between a firewall and the Internet gateway or between the gateway and the mail server, catching spam before it even reaches users' computers. The anti-spam service is part of a complete antivirus and content security offering.

IT managers can also fine-tune their anti-spam efforts by grouping junk mail into five categories: hate mail, get-rich-quick schemes, messages with sexual content, bulk mail or commercial spam, Murray said.

SurfControl also provides this capability. Its E-mail Filter comes with 15 predefined content dictionaries classified by categories such as "spam," "adult" or "hate speech." The company also uses artificial intelligence software to give administrators an additional level of protection, Trudeau said.

Based on the company's Adaptive Reasoning Technology, the Virtual Learning Agent can be trained to recognize and protect an organization's confidential information, she noted.

Aggregating Results

Officials at CipherTrust moved to help IT administrators make more informed decisions about possible junk mail by adding a new feature called Enterprise Spam Profiler. The profiler determines the probability that a message is spam based on input from five IronMail spam-detection filters.

Prior to this capability, IT administrators using IronMail could not analyze more than one result at a time, said Matt Anthony, CipherTrust's marketing director. Now they can look at the results from five filters, which improves spam detection and reduces false positives.

Several federal and state agencies have expressed an interest in IronMail's detection techniques, noted Max Peterson, vice president of federal sales at CDW Government Inc., which is reselling CipherTrust's secure messaging gateway. A customer in an agency within the Defense Department is currently testing the product, he noted.

"It's important in the government [for a product like IronMail] to work with other security applications," Peterson said. The IronMail appliance is installed at an organization's gateway and can scale up to deal with increasing volumes of e-mail traffic. Plus, it works with leading antivirus products, such as Network Associates Technology Inc.'s McAfee and Sophos Inc.'s virus-protection wares, he added.

Security and economic concerns are prompting civilian and defense agencies to search for Web-filtering and e-mail security products, said Gil Eng, domain manager with Northrop Grumman IT's computer systems division.

Eng said there has been a surge in interest in spam-detection products since the company started selling SurfControl's E-mail Filter through the General Services Administration's Schedule 70 last September.

"Spam control is [a] security" issue, especially with the growing concern about enemies attacking U.S. servers and networks, he said. "All viruses and Trojan [horse] programs happen through e-mail," and spam control is part of e-mail security. Also, government agencies are looking for ways to save money and increase productivity. As a result, they want Web filtering software that limits employees' ability to use the Internet and e-mail for private purposes and anti-spam tools that keep junk mail from consuming network resources.

Whether new anti-spam technologies are geared toward Internet service providers or IT administrators and end users, the goals are the same: Spot attacks in real time and use filters to screen messages so that spam never reaches end users' inboxes.